Cisco Secure Network Server 3415 and 3495

Harinirina RATAHINARISOA · ‎01-23-2014

Hi all,

We plan to buy ISE. Please, find below some details

- The number of users is about 800 and i am a bit confused if we should order SNS 3415 or SNS 3495 (I see in some documents that the max user for SNS 3415 is 200 and I would like to have confirmation if SNS 3415 is fine for 800 users).

- Some users will connect with wireless and others wired.In this case, do I need to use inline node and have to use SNS 3415?

- Can I use SNS 3415 and 3495in the same network? (for ex. SNS 3415 for wireless, SNS 3495 for wiredand administration) ?

Regards

Charlie Moreton · ‎01-23-2014

Harinirina,

I don't know where you got 200 as the max number of endpoints. The 3415 can handle up to 5000 endpoints. See this screenshot from the ordering guide:

You only need an Inline Posture Node if you have users connecting to your network through an off-site VPN Connection. THE IPN handles the CoA behind the ASA. ASA 9.2.1 (not yet released) will be able to handle C0A and at that time, no IPN will be needed.

SNS-3415 and SNS-3495 can definitely be used together in the same network, but your deployment plans will not. You license the ISE deployment-wide. For example, you can license for wireless only, but that would make the entire deployment wireless only. To have 2 separate deployments of ISE in a network is NOT supported and will create issues.

Please Rate Helpful posts and mark this question as answered if, in fact, this does answer your question. Otherwise, feel free to post follow-up questions.

Charles Moreton

Harinirina RATAHINARISOA · ‎01-27-2014

Hi Moreton,

Thanks for your reply and for the screenshot.

Your explanation is very clear for Inline Posture Node, thanks a lot.

I would like to know how to do if we have both wired and wireless users and want to use ISE?

Should we only deploy ISE only for wired or only for wireless/VPN only or can we deploy ISE for both.

If we can deploy ISE for all type of users, how many SNS and which model should we buy?

Best Regards

Charlie Moreton · ‎01-27-2014

Harinirina,

First, a few questions.

Is this for a production environment?

Is 800 the number of users on number of endpoints?

Will you have External VPN users to authenticate?

What is the timeframe for deployment?

Are you planning to attend the ISE Certification course?

Is your company an ISE ATP Partner?

These questions will dictate the ISE needs for your network.

Charles Moreton

Harinirina RATAHINARISOA · ‎01-28-2014

Hi Moreton,

Yes, we plan to deploy ISE for a production environment. 800 is the number of endpoints and we will have External VPN users to authenticate.

What would you suggest for the number and model of SNS to buy in this case?

We are not yet ISE ATP Partner but we are planning to attend the ISE Certification course.

Could you please give more information on how to become ISE ATP Partner?

Best Regards

Charlie Moreton · ‎01-28-2014

Harinirina,

So the timeframe for deployment is still six months or more away? In that case, 2 SNS-3415s running in High Availability mode will be all you need. The software for the ASA will hopefully be released by then and the need for the Inline Posture Node will be relieved.

In order to become an ISE ATP Partner, you have to work with your Account Manager and request an invitation to the program.

Here are the requirements:

http://www.cisco.com/web/partners/partner_with_cisco/channel_partner_program/resale/atp/ise.html

Attending the Cisco ISE Engineer training and passing the exam is a must.

Please Rate Helpful posts and mark this question as answered if, in fact, this does answer your question. Otherwise, feel free to post follow-up questions.

Charles Moreton